Presented by Gravitee
There’s a growing disconnect between AI ambition and operational readiness, as businesses race to prove value with AI before their competitors. Across numerous organizations, a growing number of AI agents are deployed and operating without guardrails, and that’s going to have major consequences sooner rather than later, says Rory Blundell, CEO of Gravitee.
“Organizations are rushing to implement AI agents without the necessary security frameworks or structured onboarding processes in place,” Blundell explains. “As a result, we believe there’s a strong likelihood that within the next couple of years, there will be a major data breach caused by an agent acting outside of its intended remit, whether unknowingly or due to oversight by its human operators. It’s a risk that businesses must get ahead of now, before it’s too late.”
According to Gravitee’s recent State of Agentic AI survey, 72% of organizations are already using agentic AI systems. Additionally, 75% of respondents cite governance as their top concern. However, many global business leaders still don’t fully understand the breadth of risks inherent in their agentic experiments, especially as the number of agents they deploy stacks up.
The risks of accelerated agent sprawl
The challenges of agent sprawl now echo those early API days: individual teams spin up their own agents to tackle specific tasks, from chatbots to workflow automation, but without a centralized plan. Before long, agents are interacting with LLMs, triggering actions, or tapping into sensitive tools and data, all without shared oversight or visibility into performance, security posture, or cost, and the consequences could be far reaching.
“You’re going to have exactly the same challenge you had with services and micro-services 10 or 15 years ago,” Blundell says. “As more agents are created without centralized control, it becomes nearly impossible to monitor their behavior, ensure they’re operating efficiently, or maintain critical security in all the interactions happening all the time between tools, LLMs, and agents. Then you’ve got badly monitored agents with clashing protocols and unsupervised behaviors that hamper speed to innovation, gum up systems, and actually cause inefficiencies instead of solving them.”
Speed versus innovation
Long-established enterprises with decades of pre-AI security, governance and control measures already in place have another challenge: balancing strict safety protocols for agents and getting overtaken by competitors who are faster and more nimble, or throwing agents at the wall and seeing what sticks. Those companies that are rushing into the fray might be exposing themselves to major risk, but interestingly, they’re also advancing far more quickly Blundell says.
“When you don’t yet have the required security measures in place or a properly structured way to introduce more agents, you’re going to self-censor, and speed will reduce,” Blundell says. “You therefore risk the business not being able to achieve what it should achieve, and risk your overall company prosperity. Other businesses that don’t have that baggage will be able to accelerate beyond you and this is something we’re keen to help businesses prevent.”
The role of centralized governance and control
It’s now possible to address all of these challenges at once with a centralized governance layer that provides visibility into an entire agentic system through a unified interface. Putting a solution like Gravitee’s Agent Mesh in place can significantly accelerate innovation almost immediately, especially once an organization resolves performance issues caused by overburdened, inefficient agents that monopolize resources.
The mesh is underpinned by a secure communication protocol, because agents are only as useful as their ability to coordinate and safely share data. It uses Google’s open Agent-to-Agent (A2A) protocol: an open-source project developed by Google Cloud in partnership with 50+ other companies, including Gravitee. The A2A protocol manages secure information exchange and coordinated actions among autonomous AI agents, regardless of whether their underlying technology or framework matches, allowing them to discover, authenticate security, and collaborate, ensuring organizations are protected.
The A2A protocol and other agent governance tools, such as Gravitee’s Agent Mesh, are designed to reduce duplication as well as enforce policy. And it adds the observability and order that ensures multi-agent ecosystems are governed, efficient, and aligned with internal policies.
When governance comes into play
Given the current pace of AI enthusiasm and experimentation, most organizations are not starting their agentic AI journey with governance — nor should they, especially in the early stages, says Blundell. However, a four-stage AI readiness maturity model can help guide business progression:
- Stage one: Proof of concept and experimentation
- Stage two: Incorporation of tools and LLMs, and single-agent use
- Stage three: Multi-agent deployment
- Stage four: Fully governed, observable, and secure multi-agent ecosystems
While AI tools and LLMs are becoming more commonplace, true multi-agent architectures remain rare. Most organizations today fall somewhere between stages one and two says Blundell — and that’s exactly where they should be, continuing to test, learn, and experiment before layering in governance.
“Leaving governance to a later stage might seem contradictory, but it won’t actually make sense unless you start to understand what AI means to your organization first,” he explains. “Our recommendation is to go through all the initial stages of AI readiness and early agent proof of concepts, figuring out where agents fit in and how, before you consider a governance strategy. You don’t want to be locked into a framework that doesn’t work for the multi-agent architecture that works for your business.”
An organization grappling with a messy, ungoverned, multi-agent architecture can plug existing agent APIs directly into the Gravitee Agent Mesh, without any risk to how that architecture functions.
“Upgrading to Agent Mesh just requires a very short period of time to direct everything to the right places and centralize your agents, start monitoring performance, and enforcing best practices,” he says. “And then you’ll have unlocked the ability to accelerate forward to full AI maturity.”
Dig deeper: To learn more about the role of governance and control when supercharging AI innovation, and why observability is critical to an agentic strategy that delivers fast, visit here.
Also, Gravitee is hosting an A2A Summit for leaders navigating agentic AI on November 6, 2025, in NYC, in partnership with The Linux Foundation. The event will explore the future of agent-to-agent (A2A) orchestration and autonomous enterprise systems, bringing together technology leaders from Google, Microsoft, Gartner, and others to provide actionable insights to help organizations tackle agent sprawl and unlock the full potential of AI-driven decision-making. Learn more here.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact
